Loading...
iokit/Kernel/IOBufferMemoryDescriptor.cpp xnu-3247.10.11 xnu-3789.51.2
--- xnu/xnu-3247.10.11/iokit/Kernel/IOBufferMemoryDescriptor.cpp
+++ xnu/xnu-3789.51.2/iokit/Kernel/IOBufferMemoryDescriptor.cpp
@@ -554,6 +554,7 @@
 void IOBufferMemoryDescriptor::setLength(vm_size_t length)
 {
     assert(length <= _capacity);
+    if (length > _capacity) return;
 
     _length = length;
     _ranges.v64->length = length;
@@ -625,6 +626,9 @@
 IOBufferMemoryDescriptor::getBytesNoCopy(vm_size_t start, vm_size_t withLength)
 {
     IOVirtualAddress address;
+
+    if ((start + withLength) < start) return 0;
+
     if (kIOMemoryTypePhysical64 == (_flags & kIOMemoryTypeMask))
 	address = (IOVirtualAddress) _buffer;
     else